[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: imap password.

To: rj45 <rj45@righi.df.unibo.it>, ldap list <openldap-software@OpenLDAP.org>
Subject: Re: imap password.
From: prune <prune@lecentre.net>
Date: Wed, 28 Mar 2001 14:53:31 +0200
Organization: Mad Cow Tribe
References: <Pine.BSO.4.21.0103281452560.7100-100000@righi.df.unibo.it>
User-agent: Mozilla/5.0 (X11; U; Linux 2.2.17-21mdk i686; en-US; m18) Gecko/20010131 Netscape6/6.01

As far as I konw, you don't have any password management mechanism in imap protocol... What you probably need to do in build soms interface on a web server. I suggest apache + php, perl, or any cgi script.

Your biggest problem will be to change the password in the shadow file, which may (must) not readable by the web user. A solution could be a command like "su" or "suexec". This is highly insecure.

I know there are some scripts out there which can do that. have a look on freshmeat.net

My best suggestion would be to authenticate users in an ldap directory. Then, your users are totaly system independent (no account needed in passwd and shadow files, no shell account either).

maybe some else on the list answer this question ?

Prune

rj45 wrote:

Hi,
I do not use ldap I simply have my users use imaps and the authentication
is done using the unix shadow password master.passwd in this case
(FreeBSD).
Any suggestions ?

Thanks

Rick


On Wed, 28 Mar 2001, prune wrote:

Hi,

In fact it depends on you auth scheme, I think.... how do you do ?
pam-ldap ?

Prune

rj45 wrote:

Hello, there is a way to allow user to remotely change their own imap
password and doing it also it in a secure TLS/SSL way ?

thanks

Rick

Prev by Date: Re: Runing OpenLDAP with a normal user.
Next by Date: [no subject]
Index(es):
- Chronological
- Thread